EuroISPA Contribution to the proposal on CSA 2.0. and the Directive on Simplification Measures and Alignment with the Cybersecurity Act

/in , ,

EuroISPA welcomes the European Commission’s proposals for a revised CybersecurityAct (CSA 2.0) and the accompanying NIS2 Simplification Directive as meaningful steps towards a stronger European cybersecurity framework.

At the same time, we believe further work is needed. Our key priorities:

  • Certification schemes must remain strictly technical
  • Reporting obligations must be harmonised across NIS2, CRA, GDPR and DORA, with a single audit principle
  • Supply chain risk assessments must be objective and evidence-based
  • Mandatory ICT asset phase-out must remain proportionate and economically sustainable manner
  • NIS2 simplification measures are essential to support SME and mid-cap operators and preserve competition
  • Internally developed tools not placed on the market should be exempted from certification requirements
  • Open source communities, SMEs, and independent developers must be recognised as key contributors to Europe’s cyber resilience

A secure and competitive European digital ecosystem requires a framework grounded in technical evidence, operational feasibility, and proportionality. We look forward to engaging with co-legislators on these important EU policy issues.

2605-EuroISPA-Contribution-to-CSA-Review-and-the-NIS2-Simplification-DirectiveDownload

Joint Industry Statement on the Digital Omnibus on AI calling for a swift agreement with simplification at its core

/in ,

The undersigned industry associations represent a broad spectrum of companies operating across Europe and beyond, spanning the entire AI value chain. Our members are at the forefront of transformative advances in AI technologies, which generate substantial benefits to the EU’s economy and society.


On 19 November 2025, the European Commission presented its Digital Omnibus on AI, delivering on the objectives of its Communication on a Simpler and Faster Europe to promote “unprecedented simplification measures that aim to radically lighten the regulatory load”. In line with the Letta and Draghi reports, the proposal promotes forward-looking, innovation-driven policies to strengthen the European Union’s competitiveness, reduce regulatory burdens, and uphold its core values. We, the signatories of this joint statement, welcome this initiative and share the Commission’s commitment to a clear, simple and innovation-friendly implementation of the AI Act, as set out in the AI Continent Action Plan and the Apply AI Strategy. The AI Omnibus is an important step in the right direction.


As both co-legislators adopted their respective positions, we call on them to swiftly reach a final agreement, support a highly ambitious text, and ensure that regulatory simplification remains at its core. We welcome the alignment between both the European Parliament and the Member States regarding fixed compliance deadlines for high-risk AI systems, and we fully support the Parliament’s amendment to move Section A of Annex I into Section B in order to streamline overlaps with existing EU sectorial legislation, avoid unnecessary duplication, and support a clear and integrated conformity pathway. These approaches not only uphold the essence of simplification but also preserve high safety standards while improving legal certainty, regulatory efficiency, and predictability for innovation.


However, we strongly encourage policymakers to consider some key targeted adjustments to retain the initial ambition of the simplification agenda, as well as to ensure that the framework is genuinely innovation-friendly and technology-neutral. We urge co-legislators to adopt a pragmatic simplification approach by not only maintaining the European Commission’s proposed grace period for generative AI labelling under Article 50(2), but also extending it to a more realistic period of 12 months. EU negotiators should also extend the grace period to the labelling requirements set out in Article 50(4). Finally, the provision must be extended to cover new systems on the market. The grace period is currently limited to AI systems already on the market before 2 August 2026 and therefore does not provide legal certainty for systems placed on the market after that date. Without such adjustments, these unclear obligations, pending the development of a Code of Practice and guidance from the AI Office, risk creating inconsistency, legal uncertainty, and delays to product releases (and thus AI innovation in Europe).


Furthermore, we fully support both the principle and the importance of the proposals for the prohibition of AI systems used for “nudification”, non-consensual intimate imagery (NCII), and child sexual abuse material (CSAM). When addressing this issue, policymakers should ensure consistency with the European Commission’s guidelines on prohibited practices under the AI Act.


Finally, we recommend returning to the Commission’s proposal to allow AI systems not classified as high-risk to be exempt from registration in the EU database. This approach would streamline compliance and reduce disproportionate burdens on companies and enforcement authorities, while preserving the risk-based approach of the EU AI Act.


These simplification efforts are essential to ensuring that the implementation of the AI Act is smooth, predictable, and conducive to innovation, thereby enabling Europe to strengthen its position as a global leader in AI and to pursue a safe and effective AI-first approach.


We look forward to continuing to work constructively with EU policymakers in support of these shared objectives.

Your sincerely,

The undersigned:
ACT – The App Association
American Chamber of Commerce to the European Union (AmCham EU)
Association des Services Internet Communautaires (ASIC)
Association of the Internet Industry (ECO)
Business Software Alliance
Chamber of Progress
Computer & Communications Industry Association (CCIA Europe)
Developers Alliance
DOT Europe
European Association of Internet Services Providers (EuroISPA)
European Automotive Manufacturers’ Association (ACEA)
Federation of European Data and Marketing (FEDMA)
German Association for the Digital Economy (BVDW)
ITI, Information Technology Industry Council
Union of Entrepreneurs and Employers (ZPP)

Read the full joint statement here:

Joint-Industry-Statement-Digital-Omnibus-on-AIDownload

Joint industry statement from EuroISPA, CISPE and the European DIGITAL SME Alliance

/in ,

EuroISPA, CISPE and Digital SME Alliance’s reaction to current legislative developments in Italy
on the extension of a copyright levy on private copies stored in cloud

The organisations EuroISPACISPE and the European DIGITAL SME Alliance would like to share their concern on the worrying developments in Italy on the introduction of a recurring private copy levy specifically targeting cloud storage services, based on Article 5 on Exceptions and Limitations of Directive 2001/29/EC on the harmonisation of certain aspects of copyright and related rights in the information society (InfoSoc Directive).  

Context: 

A new Italian decree, whose final version has been signed by Italy’s Minister of Culture on 23 February 2026, introduces a monthly levy on “cloud memory or cloud storage space”, calculated per GB and per user (with a monthly cap per user), as well as new reporting and administrative obligations for providers, shifting the system from a one-off levy on devices and supports to a recurring charge on the mere availability of cloud storage

The decree is currently awaiting its publication in the Official Journal of Italy. 

Risks: 

The signatories are concerned about the repercussions that this measure might have at European level, as well as potential consequences if applied to any remote storage accessible to nationals, including a presumption of some private use in B2B cases. 

In particular, this approach may: 

  1. Create fragmentation within the EU Single Market: Should other Member States adopt similar measures, this would risk introducing divergent national regimes, thereby undermining the integrity and proper functioning of the EU Single Market; 
  1. Undermine EU and national digitalisation objectives: Such measures would run counter to key EU and national policy goals aimed at accelerating digital transformation, including the Digital Decade target of achieving 75% cloud uptake and the AI Continent Action Plan objective of tripling data centre capacity; 
  1. Conflict with the EU’s simplification and competitiveness agenda: The proposed system risks introducing significant administrative and financial burdens for companies operating in Italy, including innovative SMEs, thereby undermining efforts to streamline regulatory frameworks and enhance Europe’s competitiveness; 
  1. Level playing field concerns: The current framework may also create competitive imbalances, making it easy to impose levies on operators with an Italian operational base, while their international competitors are much more likely to avoid them due to legal complexity and the regulator’s limited monitoring capacity; 
  1. Lack sufficient legal justification: As further detailed below, the introduction of such measures appears unsupported by evidence of concrete harm. 

The 2022 Court of Justice of the European Union (CJEU) judgment on Austro-Mechana v Strato1 expressly limited any “fair compensation” under Article 5(2)(b) of Directive 2001/29/EC to be strictly linked to the actual harm suffered by rightsholders as a result of private copying. In particular, the Court reiterated that such compensation must be demonstrably connected to the harm caused; however, the Italian decree does not appear to provide evidence establishing either the existence or the extent of such harm. 

In light of this development, EuroISPA, CISPE and Digital SME Alliance call for: 

  1. An urgent discussion between the Commission and Italy to ascertain the legality of the Decree and mitigate its imminent negative effects on the Single Market; 
  1. The Commission to urgently initiate a review of the InfoSoc Directive with the view of harmonising copyright levies at European level before every Member States adopts their own different rules, leading to a serious fragmentation of the single market and jeopardising the EU’s digitalisation, simplification and competitiveness objectives. 

Signatories: 

  • EuroISPA (European Internet Services Providers Association) 

Established in 1997, EuroISPA is the world’s largest association of Internet Services Providers Associations, representing over 3,300 Internet Service Providers (ISPs) across the EU and EFTA countries. EuroISPA is recognised as the voice of the EU ISP industry, reflecting the views of ISPs of all sizes from across its member base. 

  • CISPE (Cloud Infrastructure Services Providers in Europe) 

CISPE is the largest and most representative organisation for European cloud infrastructure providers, with a sovereign governance protecting it against foreign influence. Since 2016, CISPE has been working with EU institutions to support reasonable and ambitious cloud policies that strengthen Europe’s digital competitiveness, sovereignty and sustainability. Besides policy work, CISPE also develops concrete tools for the industry to comply with legislation such as the GDPR and the Data Act and issues warnings against developments around Europe that could threaten the health of the European cloud ecosystem. 

  • European DIGITAL SME Alliance 

The European DIGITAL SME Alliance is the largest network of ICT small and medium enterprises in Europe, representing more than 45,000 companies. DIGITAL SME is the joint effort of 30 national and regional SME associations from EU member states and neighbouring countries to put digital SMEs at the centre of the EU agenda. 

Read the full joint statement here:

Statement-on-Cloud-copyright-levy-EuroISPA_CISPE_EUDigitalSMEAllianceDownload

EuroISPA published its position paper on the Digital Omnibus Package

/in ,

EuroISPA welcomes the European Commission’s objective to simplify the EU digital regulatory framework. A coherent simplification agenda is essential to strengthen Europe’s competitiveness, increase legal certainty for businesses, and ensure that the EU digital acquis remains fit for the next decade.


While the proposed measures represent a constructive step, EuroISPA would like to draw attention to the need for further efforts to address overlapping obligations, fragmentation across legal instruments, and inconsistencies in implementation. Simplification should therefore go beyond adjustments to individual provisions and focus on improving coherence across the broader digital regulatory framework.


Among our key recommendations:
• Greater coherence between the GDPR and the ePrivacy framework
• Reducing unnecessary consent fatigue while maintaining strong privacy protections
• Clearer rules on pseudonymisation and scientific research
• A harmonised EU reporting framework for cybersecurity incidents
• An effective ENISA Single Entry Point that simplifies reporting through aligned definitions, thresholds and timelines across EU cybersecurity legislation

EuroISPA looks forward to engaging with EU policymakers to ensure the Digital Omnibus delivers meaningful simplification for Europe’s digital ecosystem while maintaining coherence across the digital regulatory landscape.

Read the Position Paper

EuroISPA signs Global Statement on the Role of Encryption in Securing Trust and Enabling the Digital Economy

/in , ,

Last Monday, EuroISPA, along with over 60 other organisations, endorsed a Global Statement a Global Statement on the Role of Encryption in Securing Trust and Enabling the Digital Economy.

We believe that strong encryption is essential to the global digital economy. Encryption safeguards user privacy, protects sensitive data, and enables trust, which are foundations of commerce, communication, and innovation.

Any effort to undermine encryption, whether through backdoors, key escrow systems, or technical mandates, undermines that trust. Weakening encryption introduces systemic vulnerabilities that criminals and hostile actors can exploit.

We call on governments around the globe to advance policies that protect encryption as a vital enabler of digital trust and economic prosperity. Policymakers should strengthen, not weaken, the tools that protect our shared digital infrastructure

Read the joint statement

EuroISPA Response to the Public Consultation on the Digital Fairness Act

/in ,

EuroISPA shares the European Commission’s objective to protect and empower consumers. Nevertheless, we emphasise that the EU already has the world’s most comprehensive consumer protection framework, strengthened by recent major legislative updates, including the Omnibus Directive, DSA, DMA, Data Act, and AI Act.

Should the Commission remain committed to proposing a DFA, such an initiative should fully reflect the overall aim of ensuring a simple, competitive, and innovation-friendly legal framework, which benefits both consumers and businesses. It should also enable effective and consistent enforcement of existing laws, addressing specific gaps without duplicating existing legislation. Hence, before considering any new rules, the Commission should conduct comprehensive impact assessments of existing legislation and its implementation.

Only where genuine gaps are demonstrated should evidence-based, targeted, and technologically neutral measures be considered. Even then, the Commission should first assess whether the objectives can be achieved by amending existing instruments—such as the DSA—instead of adopting a new legislative act.

EuroISPA’s specific recommendations address:

  • The relationship between regulators and businesses
  • Dark patterns
  • Addictive design
  • Unfair personalisation practices
  • Harmful practices by social media influencers
  • Issues with digital contracts
  • Simplification measures
  • Horizontal issues (age assurance, fairness by design, burden of proof, definition of consumer). 
Read the Position Paper

EuroISPA publishes its Vision for the EU mandate 2024-2029

/in , , ,

EuroISPA is excited to publish its Vision for the 2024–2029 EU Mandate, a strategic document that outlines a clear, actionable roadmap to strengthen Europe’s digital resilience, competitiveness and innovation.

In a time of rapid technological evolution and increasing global competition, Europe must pivot from being a “regulatory hyperscaler” to a continent that fosters investment, entrepreneurship and forward-looking policymaking. Our Vision identifies six key strategic priorities:

  1. Completing the Digital Single Market to reduce fragmentation and scale innovation.
  2. Simplifying regulation to empower disruption and reduce compliance burdens, especially for SMEs.
  3. Building secure and resilient digital infrastructure that supports technologies like AI and quantum computing.
  4. Defending European rights and democratic values, including strong privacy and encryption protections.
  5. Maintaining openness to global cooperation while safeguarding strategic autonomy.
  6. Advancing the green transition through smart digital sustainability and energy efficiency.

EuroISPA and its members remain committed to working closely with EU institutions and stakeholders to help shape a digital Europe that is open, competitive and aligned with core democratic principles.

Read the full Vision for 2024–2029 here: EuroISPA Vision for the EU mandate 2024-2029

EuroISPA Response to the Digital Networks Act Call for Evidence

/in , ,

EuroISPA contributed to the European Commission’s consultation on the upcoming Digital Networks Act (DNA) and emphasises the importance of a transparent, inclusive and proportionate approach to reforming the EU’s electronic communications framework.

EuroISPA’s key messages:

  • Defining limits to harmonise access regulation and network transition: Harmonised access products must remain optional and copper switch-off plans must reflect national readiness and diversity.
  • Advancing harmonisation and simplification: Simplification must lower administrative burdens without compromising national flexibility or increasing regulatory overlap.
  • Enabling technology-neutral connectivity framework: A level playing field for fibre, wireless and satellite is essential to closing the digital divide.
  • Aligning environmental legislations with existing EU frameworks: Environmental rules should align with existing horizontal ESG frameworks, avoiding telecom-specific duplication.
  • Distinguishing consumer protection from enterprise services: Enterprise and public sector services should be exempt from consumer protection rules due to their bespoke nature.
  • Ensuring proportional and non-redundant governance structures: Knowledge sharing is welcome, but expanded EU-level powers must respect the principle of subsidiarity.
  • Focusing on demand-side gaps and digital skills: Efforts should address adoption barriers and digital skills rather than expanding costly Universal Service Obligations.
  • Maintaining a consistent commitment to net neutrality: Net neutrality must remain a cornerstone of the open internet and be upheld without reinterpretation or compromise.

Read the full response to the European Commission here.

EuroISPA Letter to the European Commission on e-Evidence

/in , ,

In this letter to the European Commission, EuroISPA shares some key concerns, open questions and requests for clarification on the implementation of the e-Evidence Regulation and Directive, in anticipation of the upcoming implementing acts and the operationalisation of the decentralised IT system.

  • Clarify legal scope and applicability: EuroISPA calls for clear guidance on how the Regulation and Directive apply to service providers operating only within one Member State, especially to ensure legal certainty for smaller companies.
  • Ensure technical security and process integrity: Mandatory end-to-end encryption (E2EE), verified authentication of issuing authorities and provider-specific input fields are essential to safeguard data and streamline operations.
  • Define realistic implementation timelines: EuroISPA stresses the need for a clear roadmap, adequate lead times and technical support to avoid delays and operational disruptions during the transition to the decentralised IT system.
  • Provide fair and transparent cost reimbursement: The framework should cover both initial and ongoing compliance costs, with harmonised, accessible mechanisms for service providers to recover expenses and enforce payment.
  • Anticipate and manage request volumes: The Commission should publish request volume forecasts and engage continuously with ISPs to prepare for potential surges in legal data access requests.
  • Uphold fundamental rights: Strong safeguards, data minimisation, procedural clarity and full transparency must be upheld throughout implementation, especially to prevent over-reliance on emergency measures.

Read the full letter to the European Commission here.

EuroISPA’s contribution on Data Retention

/in , ,

EuroISPA contributed to the Call for Evidence of the European Commission on Data Retention.

Read more here

Contact details

EuroISPA

38, Rue de la Loi
1000 Brussels

+32 2 789 6618

[email protected]

General contact information | Privacy policy